2012-08-12 54 views
24

我有一個網站,我啓用SSL啓用RESTful服務。我們已經在RapidSSL上註冊,安裝了證書,並通過了RapidSSL checker。我可以通過各種瀏覽器訪問網站,包括android瀏覽器(內置,firefox和opera),沒有任何問題,也沒有警告。Android ssl:javax.net.ssl.SSLPeerUnverifiedException:沒有同行證書(再次)

然而,當我試圖用我的Android應用程序訪問它,我得到以下異常:

08-11 20:04:05.586 363 381 E HttpProvider: Error executing request: No peer certificate 
08-11 20:04:05.586 363 381 E HttpProvider: javax.net.ssl.SSLPeerUnverifiedException: No peer certificate 
08-11 20:04:05.586 363 381 E HttpProvider: at org.apache.harmony.xnet.provider.jsse.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:259) 
08-11 20:04:05.586 363 381 E HttpProvider: at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:93) 
08-11 20:04:05.586 363 381 E HttpProvider: at org.apache.http.conn.ssl.SSLSocketFactory.createSocket(SSLSocketFactory.java:381) 
08-11 20:04:05.586 363 381 E HttpProvider: at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:164) 
08-11 20:04:05.586 363 381 E HttpProvider: at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164) 
08-11 20:04:05.586 363 381 E HttpProvider: at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119) 
08-11 20:04:05.586 363 381 E HttpProvider: at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:359) 
08-11 20:04:05.586 363 381 E HttpProvider: at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555) 
08-11 20:04:05.586 363 381 E HttpProvider: at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487) 
08-11 20:04:05.586 363 381 E HttpProvider: at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:465) 
08-11 20:04:05.586 363 381 E HttpProvider: at com.xxxxx.netlib.http.HttpProvider.executeRequest(HttpProvider.java:75) 

這發生在仿真器上的Android 2.3.3和3.2平板電腦。我已經看到很多關於這個的點擊,但是我發現沒有找到任何幫助我解決問題的方法。

更多的數據:

$ openssl s_client -CAfile www.xxxxx.com.pem -connect www.xxxxx.com:443 
CONNECTED(00000003) 
depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority 
verify return:1 
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA 
verify return:1 
depth=1 C = US, O = "GeoTrust, Inc.", CN = RapidSSL CA 
verify return:1 
depth=0 serialNumber = 1-7wArtEjdTwJ94d5iVDooDmmC4mXyVj, OU = GT82425783, OU = See www.rapidssl.com/resources/cps (c)12, OU = Domain Control Validated - RapidSSL(R), CN = www.xxxxx.com 
verify return:1 
--- 
Certificate chain 
0 s:/serialNumber=1-7wArtEjdTwJ94d5iVDooDmmC4mXyVj/OU=GT82425783/OU=See www.rapidssl.com/resources/cps (c)12/OU=Domain Control Validated - RapidSSL(R)/CN=www.xxxxx.com 
    i:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA 
1 s:/C=US/O=GeoTrust, Inc./CN=RapidSSL CA 
    i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 
2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA 
    i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority 
--- 
[snip] 

我正在建立客戶端代碼:

public class HttpProvider implements INetworkProvider { 
    private static final String LOG = "HttpProvider"; 
    protected DefaultHttpClient client; 

    public HttpProvider() { 
    SchemeRegistry registry = new SchemeRegistry(); 
    registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80)); 
    final SSLSocketFactory sslSocketFactory = SSLSocketFactory.getSocketFactory(); 
    sslSocketFactory.setHostnameVerifier(SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER); 
    registry.register(new Scheme("https", sslSocketFactory, 443)); 

    client = new DefaultHttpClient(
     new ThreadSafeClientConnManager((new BasicHttpParams()), registry), new BasicHttpParams() 
    ); 
    } 
[snip] 

我也試圖與STRICT_HOSTNAME_VERIFIER和仍然沒有喜悅。

根據我的理解,我不需要設置任何自定義的信任庫或密鑰庫,因爲我已向認可的證書提供者進行了註冊。

我對ssl很新,發現我在三字縮寫的海洋裏游泳,我希望這裏有人能夠給我一個正確的方向。

+0

我已經想出瞭如何轉儲出系統信任存儲,並且我沒有在那裏看到RapidSSL,儘管帖子說它是在蜂窩中。我會嘗試創建自己的信任庫,看看會發生什麼。 – mvsjes2 2012-08-16 17:48:00

+0

試試這個:https://stackoverflow.com/a/38598593/2301721(使用HttpsURLConnection) – ashishdhiman2007 2017-05-30 09:46:44

回答